Home > mailing lists

Re: Universal certificate for verify-full ssl connection - Mailing list pgsql-general

From	Magnus Hagander
Subject	Re: Universal certificate for verify-full ssl connection
Date	May 31, 2011 08:52:40
Msg-id	BANLkTinQ7gSUwB+dbGXpQBeWc33Qh+yNug@mail.gmail.com Whole thread Raw
In response to	Re: Universal certificate for verify-full ssl connection (Craig Ringer <craig@postnewspapers.com.au>)
List	pgsql-general

Tree view

On Tue, May 31, 2011 at 10:06, Craig Ringer <craig@postnewspapers.com.au> wrote:
> On 31/05/11 15:40, Asia wrote:
>
>> Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ? Or
maybethis is a possible bug? 
>
> I wouldn't be surprised if libpq didn't support wildcard certificates at
> all. I doubt there's ever been any demand for them.

It certainly does, and it's an important feature.

However, it's not intended to be used with IPs, it's intended to be
used with hostnames. The wildcard pattern has to start with "*."
(including the dot) to be considered. Thus a simple '*' in the
wildcard will not work, and anything starting with '*.' will never
match all IPs.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

pgsql-general by date:

From: Craig Ringer
Date: 31 May 2011, 08:06:15
Subject: Re: Universal certificate for verify-full ssl connection

From: Tarlika Elisabeth Schmitz
Date: 31 May 2011, 10:10:41
Subject: Re: trigger - dynamic WHERE clause

Re: Universal certificate for verify-full ssl connection - Mailing list pgsql-general

Previous

Next